Description

A security issue was identified in nginx range filter. A specially crafted request might result in an integer overflow and incorrect processing of ranges, potentially resulting in sensitive information leak (CVE-2017-7529).

When using nginx with standard modules this allows an attacker to obtain a cache file header if a response was returned from cache. In some configurations a cache file header may contain IP address of the backend server or other sensitive information.

Besides, with 3rd party modules it is potentially possible that the issue may lead to a denial of service or a disclosure of a worker process memory. No such modules are currently known though. The issue affects nginx versions 0.5.6 to 1.13.2. The vulnerability was fixed with nginx 1.12.1 and 1.13.3.

Remediation

Upgrade to the latest version of nginx. The issue was fixed in nginx versions 1.13.3, 1.12.1.

References

Related Vulnerabilities